Scrut Analysis

SCORING SHEET : https://docs.google.com/spreadsheets/d/1M0mCCD9NrPd45vE5N6tzwNj9nFfqYgmMSzJ_iakl3oA/edit?gid=0#gid=0

1. Pricing

  • Estimated Pricing: $5,000 – $5,500/year
  • Includes SOC 2 Type II and NIST coverage

2. Timeline (depending upon current security posture)

  • SOC 2 Type II: ~3–4 months (standard timeline, with observation + audit)
  • NIST: supported in parallel within the same platform

3. Integrations & Evidence Collection

  • Strong integration coverage across infrastructure, IDP, version control, ticketing, etc.
  • Automated evidence collection available

4. Engagement Letter / In-progress Cert

  • Engagement documentation available (to be confirmed in proposal)

5. Support Model

  • Compliance assistance provided throughout SOC 2 & NIST journey
  • Availability of customer success team for ongoing guidance

6. Frameworks Covered

  • SOC 2 Type II
  • NIST (native support, tracked within the platform)

7. Differentiators

  • Cost-effective pricing compared to other vendors
  • Dual framework coverage (SOC 2 + NIST) within one subscription
  • Streamlined integrations and automations

8. Cons / Points to disc

  • No AI support for quick fixes and suggestions - a dedicated team is assigned for all queries
  • Observation period is completely missing from the timeline? How does that work in parallel or audit (other vendors have kept that period dedicated for observation)
  • MDM tools? Do you support BYOD with any agent installation automation for its evidence collection? (yes, it's mentioned that MDM 'tool' integration)
  • The proposal did not include NIST as discussed in the call?
  • Is a pen test a must for SOC 2? Mentioned heavily in the docs